Predicting Probing Rate Severity by Leveraging Twitter Sentiments.

Probing is the first step to gain access to a network. Predicting the rate levels of probing against a network sufficiently ahead of time could be insightful to security analysts and practitioners. Indeed, an accurate prediction would help to understand the potential threats and attacks menacing an organization’s network. However, this prediction problem is a challenging task; prior works make predictions over time horizons not exceeding a few hours. In this work, we propose a machine learning approach to predict the next day probing rate levels for a network telescope by leveraging Twitter users’ sentiments toward the country hosting the network telescope. First, we investigate the relationship between probing rates and Twitter sentiments. Second, we cluster the probing rates to determine the probing severity levels. Finally, we predict future rate levels using several classifiers. We show that incorporating negative sentiments improves significantly the prediction performance. This demonstrates the importance of incorporating social signals as predictors when predicting future probing rates.